You are here

Investigating SANS/CWE Top 25 Programming Errors

On January 12, 2009, experts from more than 30 cyber security organizations jointly released a consensus list of the top 25 most dangerous programming errors (http://www.sans.org/top25errors/). This list attempts to boil down the more than 700 possible causes of software security issues to the ones that are so prevalent and severe that no software should be released to customers without evidence that measures were taken to ensure the software does not contain any of these errors. The Top 25 errors were further broken down into 3 categories: Insecure Interaction between Components that contains 9 errors, Risky Resource Management which contains 9 errors and Porous Defenses has the final 7 errors.